Problem Creating new search time field extraction ...

misteryuku · ‎04-08-2012

I have a problem creating new search time field extractions using the Splunk's REST API and the Java SDK.

This is the java code.
RequestMessage reqMsg = new RequestMessage();
reqMsg.setMethod("post");
reqMsg.setContent("name=firstname&stanza=sexuality&type=EXTRACT&value=(?i)^[^,]*,\w+=(?P[^,]+)");

ResponseMessage resMsg = authService.send("/servicesNS/admin/search/data/props/extractions",reqMsg);

The result was an error :
HTTP 500 -- In handler 'props-extract': Data could not be written: /admin/search/props/sexuality/EXTRACT-firstname: (?i)^[^,]*,\w

How do i fix this so that i can create a new search time field extraction through the REST API using Java ?? and i also cannot create the extraction on the IFX the error still persists.

gkanapathy · ‎04-08-2012

please see my answer to your other similar question:

http://splunk-base.splunk.com/answers/44955/create-new-field-extraction-regex-expression-via-rest-ap...

Problem Creating new search time field extraction Thru the REST API and Java Splunk SDK

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation